Enables the RADIUS (Remote Authentication Dial In User Service) client on the switch.
mgmt-access | Specifies the switch management RADIUS authentication server. |
netlogin | Specifies the network login RADIUS authentication server. |
RADIUS authentication is disabled for both switch management and network login by default.
Before you enable RADIUS on the switch, you must configure the servers used for authentication and configure the authentication string (shared secret) used to communicate with the RADIUS authentication server.
To configure the RADIUS authentication servers, use the following command:
configure radius {mgmt-access | netlogin} [primary | secondary] server [ipaddress | hostname] {udp_port} client-ip [ipaddress] {vrvr_name}To configure the shared secret, use the following command:
configure radius {mgmt-access | netlogin} [primary | secondary] shared-secret {encrypted} stringIf you do not specify a keyword, RADIUS authentication is enabled on the switch for both management and network login. When enabled, all web, Telnet, and SSH logins are sent to the RADIUS servers for authentication. When used with a RADIUS server that supports ExtremeXOS CLI authorization, each CLI command is sent to the RADIUS server for authorization before it is executed.
Use the mgmt-access keyword to enable RADIUS authentication for switch management functions.
Use the netlogin keyword to enable RADIUS authentication for network login.
The following command enables RADIUS authentication on the switch for both management and network login:
enable radius
The following command enables RADIUS authentication on the switch for network login:
enable radius netlogin
This command was first available in ExtremeXOS 10.1.
The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.
This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.